The internet has become a baseline requirement to conducting business. Whether checking email, catching up on industry news or accessing customer information, most of us use the internet throughout the day, every day, in a variety of capacities. But, do we understand how it works, even at a basic level? In order to better explain the darknet and the darkweb, let’s start with an overview of the internet.
The term internet is short for internetwork, a system created by connecting a number of computer networks together. An internet allows for communication between devices that are a part of that internetwork.
The internet, which until recently was denoted by a capital “I”, is the most well-known example of an internetwork. This is the internet that we find indispensable to our daily lives, and it links billions of devices across the world through a network of networks using standardized procedures or protocol.
Browsing websites on the web is not the only way in which information is shared via the internet. Email, instant messaging, and FTP are other ways to share information like emails, messages, and files.
To clarify, the web is not synonymous with the internet and should not be confused with it. The web is simply a way of accessing webpages over the medium of the internet.
The Surface Web
The websites we browse each day make up only a small percentage of the internet.
These sites, collectively known as the surface web, are visible and accessible to common search engines such as Google and Yahoo. While estimates vary, many experts agree that the surface web comprises roughly 4% of all online content. For more reading on how search engines crawl and index web content, see Google's excellent overview.
Below the Surface
Beyond the surface web, 96% of online content is found in the deep web and the darknet.
The Deep Web
The deep web consists of content that cannot be found or directly accessed via surface web search engines such as Google and Yahoo. Examples of deep web sites include websites that require credentials (registration and login), unlinked sites that require a direct link to access, sites that are purposefully designed to keep search crawlers out, and databases - the majority of content in the deep web.
Deep web databases commonly have their own search functionality which allows users to access the data contained within them. Government databases (we'll get to an example in a minute), patient medical records, and library catalogs are just a few examples of deep web databases. While these databases do not have to require login credentials, many of them do.
Let's take a look at the Denver Property Taxation and Assessment System website. Individuals can use this site to search property assessment and tax data by entering a Denver-based address into the system. However, if you enter this same Denver-based address into Google or Yahoo (and even include terms such as 'property assessment' or 'tax data'), you will not find the results from the Denver Property Taxation and Assessment System website. This database and its search functionality are one example of a deep web database that is hidden from surface web search engines.
The Darknet + The DArk Web
Beyond the deep web is the darknet. The darknet is a network, built on top of the internet, that is purposefully hidden, meaning it has been designed specifically for anonymity. Unlike the deep web, the darknet is only accessible with special tools and software - browsers and other protocol beyond direct links or credentials. You cannot access the darknet by simply typing a dark web address into your web browser.
Above we mention that the internet we refer to and use daily is the most well-known example of an internet. Similarly, below are several examples of darknets (each links to more information):
- Tor, or The Onion Router, is a group of volunteer-operated servers that allows people to improve their privacy and security on the Internet. Users connect through a series of virtual tunnels rather than making a direct connection.
- I2P, or the Invisible Internet Project, is an anonymous overlay network - a network within a network - intended to protect communication from surveillance and monitoring.
- Freenet is free software which allows users to anonymously share files, browse and publish "freesites" (web sites accessible only through Freenet) and chat on forums. Communications by Freenet nodes are encrypted and are routed through other nodes to make it extremely difficult to determine who is requesting the information and what its content is.
- DN42 is an example of a darknet, a routing protocol, that is not necessarily meant to be secret - its aim is to explore internet routing technologies.
We'll use Tor, perhaps the most well-known and most-used, to better explain the darknet and dark web. Tor, short for The Onion Router (the project's original name), routes traffic to dark web sites through layers of encryption to allow for anonymity. The term dark web refers to websites on a darknet. In Tor's case, these dark web addresses all end in .onion.
Onion routing is implemented by encryption, nested like the layers of an onion. Tor encrypts the data, including the destination, multiple times and sends it through a circuit of randomly selected Tor relays. Each relay decrypts a layer of encryption to reveal only the next relay in order to pass the remaining encrypted data on. The final Tor relay decrypts the innermost layer of encryption and sends the original data to its destination without revealing, or even knowing, the source address.
The other darknets mentioned above employ similar methods of data transmission, all with the end goal of keeping users, usage, and information hidden.
Who Uses the Darknet and Why?
While most of what you've likely heard or read about the darknet and dark web sites involves illegal or nefarious activity, there are many legal uses for the darknet. (There's even a Facebook .onion site!)
Privacy advocates: Many people care about their privacy and would like to keep their legal, online activity private from surveillance and monitoring by third parties, including internet service providers, businesses, and governments.
For example, a survivor of domestic abuse or illness may wish to privately participate in dark web support forums.
Other users of the darknet may wish to learn about controversial, though legal, topics through chat, blog posts, and other dark web browsing.
Law enforcement: The FBI and other law enforcement groups may use the darknet for sting operations or to keep governmental IP addresses out of web logs
Military: Members of the military intelligence community use the darknet as a source of OSINT, open-source intelligence information - information that is publicly available.
Researchers: Security researchers and "white hat" hackers (people who hack various computer networks and programs to test or evaluate their security) utilize the darknet as a source of information on computer software and hardware, exploits, tools, etc.
Companies: Due to the volume of stolen and forged information, fraud, and discussion around these topics happening on the darknet, many businesses attempt to monitor the darknet for the presence of or chatter regarding their proprietary information.
Political regimes: People living and/or working in countries being led by oppressive regimes will often take to the darknet for a myriad of reasons, including:
internet access, where access or use of the internet is restricted or highly controlled.
political activism or revolutionary actions, including the spread of information both within country and abroad (e.g. exposing human rights abuse), planning of meet ups or rallys, etc.
safe and private communication, especially for non-governmental organization (NGO) or private sector employees working in war torn or unstable nations.
Journalists: Many journalists leverage the darknet for encrypted communications to protect both themselves and their source(s). Journalists also use the darknet to avoid censorship.
Of course where there are valid uses for anonymity, there are also criminals looking to use the anonymity of the darknet to their advantage, with the largest volume of darknet sites revolving around drugs, darknet markets (darknet sites for the buying and selling of goods and services), and fraud. Examples of criminal use of the darknet are seen below.
Drug or other illegal substance dealers: A variety of darknet markets (black markets) allow for the anonymous buying and selling of drugs and other illegal or controlled substances like pharmaceuticals.
Counterfeiters: Counterfeiters offer document forging and currency imitation services via the darknet.
Sellers of stolen information: Credit card numbers and other personally identifiable information (PII) can be purchased on the darknet for theft and fraud activities.
Weapons dealers: A variety of darknet markets (black markets) allow for the anonymous, illegal buying and selling of weapons.
Hackers: Black hat hackers, or those looking to bypass and exploit security measures for personal gain or simply out of spite for an organization or action, brag about their exploits, communicate and collaborate with other hackers, and share security exploits (take advantage of a bug or vulnerability to gain access to software, hardware, data, etc.) on the darknet.
Gamblers: Certain sites on the darknet block U.S.-based internet service providers. Gamblers may take to the darknet to skirt local gambling laws.
Terrorists: Just as people living and/or working in countries being led by oppressive regimes will often take to the darknet, terrorists do too. Internet access, recruiting, sharing of information, and organizing can be done anonymously on the darknet.
Murderers/Assassins: While there is debate as to whether these services are legitimate, law enforcement, or simply fictitious sites, there are dark web sites where murder-for-hire services are listed.
Vendors of illegal explicit materials: We won't go into further detail here.